Crypto Exchange WazirX Hit With ‘Security Breach,’ $235 Million Moved

Indian crypto exchange WazirX has suffered a “security breach” after almost $235 million in funds were moved in a suspicious transfer.

In a tweet, the exchange confirmed that one of its multisig wallets had experienced a security breach, and that it was “actively investigating the incident.” It added that crypto and rupee withdrawals have been “temporarily paused” following the breach.

The firm did not comment on the amount of cryptocurrency affected by the breach, but an earlier tweet by blockchain security firm Cyvers indicated that $234.9 million in funds had been moved to a new address, funded by coin mixer Tornado Cash.

Cyvers reported that assets swapped to ETH in a series of “suspicious transactions” included PEPE, GALA and USDT.

This incident is the latest in a series of high-profile cryptocurrency exchange hacks that have plagued the industry in recent years.

In March 2022, the Ronin Network suffered a staggering $615 million loss, believed to be orchestrated by North Korean hackers.

Just months earlier, in August 2021, the Poly Network faced a $611 million breach, though the funds were later returned by the hacker who claimed it was merely a test of the system's vulnerabilities.

The crypto world was further shaken in November 2022 when FTX, once a powerhouse in the industry, lost $600 million to hackers on the very day it declared bankruptcy.

This was followed by another blow to the industry when Binance, one of the largest exchanges globally, lost over $100 million in October 2022 due to a cross-chain bridge exploit.

These recent incidents echo earlier hacks that sent shockwaves through the crypto community.

In January 2018, Tokyo-based Coincheck lost $534 million in NEM coins, while the infamous Mt. Gox hacks in 2011 and 2014 resulted in losses totaling over $437 million, ultimately leading to the exchange's demise.

More recent incidents include the December 2021 Bitmart hack, where $196 million was stolen using compromised administrator keys, and the Nomad Bridge attack, which saw $190 million drained through a cross-chain functionality exploit.

Coin mixer Tornado Cash, which was reportedly used to move funds from WazirX in today's incident, was sanctioned by the U.S. Treasury in August 2022. The Treasury claimed at the time that it had been used to launder "more than $7 billion worth of virtual currency since its creation in 2019" in a statement, a figure disputed by blockchain analytics firm Elliptic.

The mixer's founder Roman Storm is currently awaiting trial on charges of conspiring to operate an unlicensed money transmitter, facilitating money laundering and sanctions evasion. His fellow Tornado Cash developer Alexey Pertsev was found guilty of money laundering by a Dutch court in May, and sentenced to 64 months in prison. Pertsev, who has appealed his conviction, was denied bail by a Dutch court earlier this month.